Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; thi
Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
A local privilege escalation is caused by Overwolf
loading and executing certain dynamic link library files from a user-writeable
folder in SYSTEM context on launch. This allows an attacker with unpri
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege esca
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended co
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and
arbitrary code execution when a privileged engineer user with console access modifies a configurat
A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.
CWE-250: Execution with Unnecessary Privileges
CWE-250: Execution with Unnecessary Privileges
An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export func
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.
Malicious software runnin
Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6.
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their work
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.
T
Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high
Page 1+ Next →